Behavioral task: behavioral1
Sample: 28b88d6063e27361f19816c0186fcfd6602d327e6407e98893bbb7e595563cf3.exe
Resource: win7-20240903-en

General
Target: 28b88d6063e27361f19816c0186fcfd6602d327e6407e98893bbb7e595563cf3
Size: 316KB
MD5: 25197af9391d7ab61ac66d69dd9accb8
SHA1: 12112706d8b0836423b6f8d6cf08a59ef8766cfb
SHA256: 28b88d6063e27361f19816c0186fcfd6602d327e6407e98893bbb7e595563cf3
SHA512: 4409a872aa3de5962aefa54f0dc29e40cfd4264012b5349c1c0197148b37553245684d8ad333fc242c1ba4a800089dd74123afe06b2f93639e3ecec9f9e90dd9
SSDEEP: 3072:T4PcJlCcv+k/Q131RDYYYLXoqm6eguFIR:T4P9cvhQh1cQP
Malware Config

Signatures
Blackmoon family
Detect Blackmoon payload (1 IoC)
resource  yara_rule  sample  family_blackmoon
resource  yara_rule  sample  upx
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource  28b88d6063e27361f19816c0186fcfd6602d327e6407e98893bbb7e595563cf3
Files
28b88d6063e27361f19816c0186fcfd6602d327e6407e98893bbb7e595563cf3.exe  windows:4 windows x86 arch:x86
80101b7cdff9c96b2ad347caaa98701b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InterlockedExchange
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
WriteFile
CreateFileA
GetFileSize
ReadFile
CloseHandle
CreateDirectoryA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetCommandLineA
SetStdHandle
GetModuleHandleA
MultiByteToWideChar
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
WideCharToMultiByte
SetErrorMode
lstrcatA
lstrcpyA
lstrcpynA
GetCurrentThreadId
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalLock
GlobalReAlloc
GlobalAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
InterlockedDecrement
GetVersion
SetLastError
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetProcessVersion
lstrcmpA
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
SetFilePointer
FlushFileBuffers
RtlUnwind
RaiseException
HeapSize
TerminateProcess
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
IsBadCodePtr
advapi32
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
comctl32
ord17
gdi32
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
GetStockObject
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
GetDeviceCaps
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
shell32
SHGetSpecialFolderPathA
shlwapi
PathIsDirectoryW
user32
GetParent
IsWindowEnabled
GetForegroundWindow
SetForegroundWindow
SetWindowsHookExA
CallNextHookEx
GetKeyState
SendMessageA
UnhookWindowsHookEx
LoadStringA
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetWindowPos
SetWindowLongA
GetWindowLongA
GetWindow
GetLastActivePopup
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetDlgCtrlID
GetWindowTextA
GetDlgItem
GetMenuItemID
GetSubMenu
GetMenuItemCount
EnableWindow
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
wsprintfA
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
DispatchMessageA
TranslateMessage
MessageBoxA
GetMenu
PeekMessageA
GetMessageA
wininet
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
Sections
UPX0 Size: 176KB - Virtual size: 176KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE